Hacker News new | ask | show | jobs
by MzxgckZtNqX5i 204 days ago
Relays can be malicious and try to tamper with the data. Think of Tor relay encryption like Signal's E2E encryption, where the relays are analogous to Signal's servers. You want to ensure they can neither see what you sent (confidentiality) nor modify it without detection (integrity).
1 comments
amelius 204 days ago
Yes, but if it's all encrypted tunnels inside encrypted tunnels (recursively), then those relays can't really see the data, right?
link
MzxgckZtNqX5i 204 days ago
That is correct. But, (in general) encryption does not necessarily guarantees integrity of the data. In other words, a plaintext can be encrypted, the ciphertext given to another party, and they can tamper with the ciphertext in a way that produces predictable changes in the message obtained by decrypting the tampered ciphertext.
link
amelius 204 days ago
Ok, but if I run (say) HTTPS over the innermost tunnel, then I suppose that HTTPS will take care of any discrepancies.
link
costco 203 days ago
The malleability of the ciphertext matters because it enables certain circuit tagging attacks as the article explains. It means that the exit relay could confirm you are using a guard relay also controlled by them and thus discover your origin IP address.

There are many reasons that these cryptographic tagging attacks are a lot worse than just the timing correlation attacks that are possible if you control the guard and exit of a client: https://archive.torproject.org/websites/lists.torproject.org...

link
MzxgckZtNqX5i 204 days ago
You can indeed use HTTPS with the end server (e.g., accessing Wikipedia). This correctly hides the traffic content from all relays.

To reach this point, though, you first need to set up the Tor circuit itself. This is done in a 'telescopic' fashion: the user connects via TLS to the first relay, then sends a message to extend the circuit to a second relay, then to the third (and usually last) relay. Finally, to open Wikipedia, you send a layered encrypted message to the last relay. All this data is link-protected by TLS on the wire, but protected by Tor's relay encryption mechanism while being processed by the nodes.

link